var-201112-0097
Vulnerability from variot
Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080. CoDeSys is a powerful PLC software programming tool that supports IEC61131-3 standard IL, ST, FBD, LD, CFC, SFC six PLC programming languages. The GatewayService has an integer overflow. The GatewayService uses the 32-bit value offset at the header 0x0c to specify the size of the received data. The program receives this value, increasing the number of 0x34 and allocating the amount of memory can cause an integer overflow. CmpWebServer is a component of the 3SRTESrv3 and CoDeSysControlService services for handling 8080 port connections. The function 0040f480 copies the input URI to a limited stack buffer, which can trigger a buffer overflow. 3S CoDeSys handles the Content-Length value in an HTTP POST request to trigger a null pointer reference. CoDeSys is prone to a stack-based buffer-overflow and an integer-overflow vulnerability. Failed attacks may cause a denial-of-service condition
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201112-0097", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "codesys sp4 patch", "scope": "eq", "trust": 3.5, "vendor": "3s smart", "version": "3.42" }, { "model": "codesys", "scope": "lte", "trust": 1.0, "vendor": "3ssoftware", "version": "3.4" }, { "model": "codesys", "scope": "lte", "trust": 0.8, "vendor": "3s smart", "version": "3.4 sp4 patch 2" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "codesys", "version": "*" }, { "model": null, "scope": null, "trust": 0.6, "vendor": "no", "version": null }, { "model": "codesys", "scope": "eq", "trust": 0.6, "vendor": "3ssoftware", "version": "3.4" }, { "model": "codesys", "scope": "eq", "trust": 0.3, "vendor": "3s smart", "version": "3.4" }, { "model": "codesys", "scope": "eq", "trust": 0.3, "vendor": "3s smart", "version": "2.3" }, { "model": "codesys", "scope": "ne", "trust": 0.3, "vendor": "3s smart", "version": "3.5" }, { "model": "codesys", "scope": "ne", "trust": 0.3, "vendor": "3s smart", "version": "2.3.9.32" } ], "sources": [ { "db": "IVD", "id": "45e2b734-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "45e91728-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "5b319126-1f7d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1" }, { "db": "IVD", "id": "4143b83e-1f7d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "84af9d86-1f7d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-5591" }, { "db": "CNVD", "id": "CNVD-2011-5128" }, { "db": "CNVD", "id": "CNVD-2011-5125" }, { "db": "CNVD", "id": "CNVD-2011-5126" }, { "db": "CNVD", "id": "CNVD-2011-5127" }, { "db": "BID", "id": "50849" }, { "db": "JVNDB", "id": "JVNDB-2011-003530" }, { "db": "CNNVD", "id": "CNNVD-201112-447" }, { "db": "NVD", "id": "CVE-2011-5007" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:3ssoftware:codesys:*:sp4:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.4", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-5007" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Luigi Auriemma", "sources": [ { "db": "CNNVD", "id": "CNNVD-201111-501" } ], "trust": 0.6 }, "cve": "CVE-2011-5007", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 10.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2011-5007", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2011-5591", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "45e2b734-2354-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "45e91728-2354-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "5b319126-1f7d-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "4143b83e-1f7d-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "84af9d86-1f7d-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-5007", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2011-5591", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201112-447", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "45e2b734-2354-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "IVD", "id": "45e91728-2354-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "IVD", "id": "5b319126-1f7d-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "IVD", "id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1", "trust": 0.2, "value": "CRITICAL" }, { "author": "IVD", "id": "4143b83e-1f7d-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "IVD", "id": "84af9d86-1f7d-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "IVD", "id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" } ] } ], "sources": [ { "db": "IVD", "id": "45e2b734-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "45e91728-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "5b319126-1f7d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1" }, { "db": "IVD", "id": "4143b83e-1f7d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "84af9d86-1f7d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-5591" }, { "db": "JVNDB", "id": "JVNDB-2011-003530" }, { "db": "CNNVD", "id": "CNNVD-201112-447" }, { "db": "NVD", "id": "CVE-2011-5007" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080. CoDeSys is a powerful PLC software programming tool that supports IEC61131-3 standard IL, ST, FBD, LD, CFC, SFC six PLC programming languages. The GatewayService has an integer overflow. The GatewayService uses the 32-bit value offset at the header 0x0c to specify the size of the received data. The program receives this value, increasing the number of 0x34 and allocating the amount of memory can cause an integer overflow. CmpWebServer is a component of the 3SRTESrv3 and CoDeSysControlService services for handling 8080 port connections. The function 0040f480 copies the input URI to a limited stack buffer, which can trigger a buffer overflow. 3S CoDeSys handles the Content-Length value in an HTTP POST request to trigger a null pointer reference. CoDeSys is prone to a stack-based buffer-overflow and an integer-overflow vulnerability. Failed attacks may cause a denial-of-service condition", "sources": [ { "db": "NVD", "id": "CVE-2011-5007" }, { "db": "JVNDB", "id": "JVNDB-2011-003530" }, { "db": "CNVD", "id": "CNVD-2011-5591" }, { "db": "CNVD", "id": "CNVD-2011-5128" }, { "db": "CNVD", "id": "CNVD-2011-5125" }, { "db": "CNVD", "id": "CNVD-2011-5126" }, { "db": "CNVD", "id": "CNVD-2011-5127" }, { "db": "BID", "id": "50849" }, { "db": "IVD", "id": "45e2b734-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "45e91728-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "5b319126-1f7d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1" }, { "db": "IVD", "id": "4143b83e-1f7d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "84af9d86-1f7d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d" } ], "trust": 5.85 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-5007", "trust": 4.7 }, { "db": "BID", "id": "50849", "trust": 3.3 }, { "db": "ICS CERT ALERT", "id": "ICS-ALERT-11-336-01A", "trust": 2.4 }, { "db": "OSVDB", "id": "77387", "trust": 2.2 }, { "db": "CNNVD", "id": "CNNVD-201112-447", "trust": 2.0 }, { "db": "EXPLOIT-DB", "id": "18187", "trust": 1.6 }, { "db": "ICS CERT ALERT", "id": "ICS-ALERT-11-336-01", "trust": 1.6 }, { "db": "SECUNIA", "id": "47018", "trust": 1.6 }, { "db": "CNVD", "id": "CNVD-2011-5591", "trust": 1.2 }, { "db": "ICS CERT", "id": "ICSA-12-320-01", "trust": 1.0 }, { "db": "CNVD", "id": "CNVD-2011-5128", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2011-5125", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2011-5127", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2011-5126", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2011-003530", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201111-501", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20111129 VULNERABILITIES IN 3S CODESYS 3.4 SP4 PATCH 2", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-12-006-01", "trust": 0.3 }, { "db": "IVD", "id": "45E2B734-2354-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "45E91728-2354-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "5B319126-1F7D-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "7D7D2BF0-463F-11E9-BF0D-000C29342CB1", "trust": 0.2 }, { "db": "IVD", "id": "4143B83E-1F7D-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "84AF9D86-1F7D-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "7E1D2E16-1F7D-11E6-ABEF-000C29C66E3D", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "45e2b734-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "45e91728-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "5b319126-1f7d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1" }, { "db": "IVD", "id": "4143b83e-1f7d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "84af9d86-1f7d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-5591" }, { "db": "CNVD", "id": "CNVD-2011-5128" }, { "db": "CNVD", "id": "CNVD-2011-5125" }, { "db": "CNVD", "id": "CNVD-2011-5126" }, { "db": "CNVD", "id": "CNVD-2011-5127" }, { "db": "BID", "id": "50849" }, { "db": "JVNDB", "id": "JVNDB-2011-003530" }, { "db": "CNNVD", "id": "CNNVD-201111-501" }, { "db": "CNNVD", "id": "CNNVD-201112-447" }, { "db": "NVD", "id": "CVE-2011-5007" } ] }, "id": "VAR-201112-0097", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "45e2b734-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "45e91728-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "5b319126-1f7d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1" }, { "db": "IVD", "id": "4143b83e-1f7d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "84af9d86-1f7d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-5591" }, { "db": "CNVD", "id": "CNVD-2011-5128" }, { "db": "CNVD", "id": "CNVD-2011-5125" }, { "db": "CNVD", "id": "CNVD-2011-5126" }, { "db": "CNVD", "id": "CNVD-2011-5127" } ], "trust": 5.12310607 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 4.4 } ], "sources": [ { "db": "IVD", "id": "45e2b734-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "45e91728-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "5b319126-1f7d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1" }, { "db": "IVD", "id": "4143b83e-1f7d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "84af9d86-1f7d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-5591" }, { "db": "CNVD", "id": "CNVD-2011-5128" }, { "db": "CNVD", "id": "CNVD-2011-5125" }, { "db": "CNVD", "id": "CNVD-2011-5126" }, { "db": "CNVD", "id": "CNVD-2011-5127" } ] }, "last_update_date": "2024-07-23T22:29:05.132000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.3s-software.com/" }, { "title": "3S CoDeSys CmpWebServer component buffer overflow vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/37428" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2011-5591" }, { "db": "JVNDB", "id": "JVNDB-2011-003530" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-003530" }, { "db": "NVD", "id": "CVE-2011-5007" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 4.3, "url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt" }, { "trust": 2.4, "url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-336-01a.pdf" }, { "trust": 2.2, "url": "http://osvdb.org/77387" }, { "trust": 1.6, "url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-336-01.pdf" }, { "trust": 1.6, "url": "http://www.exploit-db.com/exploits/18187" }, { "trust": 1.6, "url": "http://secunia.com/advisories/47018" }, { "trust": 1.6, "url": "http://seclists.org/bugtraq/2011/nov/178" }, { "trust": 1.0, "url": "http://ics-cert.us-cert.gov/advisories/icsa-12-320-01" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5007" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5007" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/50849" }, { "trust": 0.3, "url": "http://www.3s-software.com/index.shtml?en_codesysv3_en" }, { "trust": 0.3, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-006-01.pdf" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2011-5591" }, { "db": "CNVD", "id": "CNVD-2011-5128" }, { "db": "CNVD", "id": "CNVD-2011-5125" }, { "db": "CNVD", "id": "CNVD-2011-5126" }, { "db": "CNVD", "id": "CNVD-2011-5127" }, { "db": "BID", "id": "50849" }, { "db": "JVNDB", "id": "JVNDB-2011-003530" }, { "db": "CNNVD", "id": "CNNVD-201111-501" }, { "db": "CNNVD", "id": "CNNVD-201112-447" }, { "db": "NVD", "id": "CVE-2011-5007" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "45e2b734-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "45e91728-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "5b319126-1f7d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1" }, { "db": "IVD", "id": "4143b83e-1f7d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "84af9d86-1f7d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-5591" }, { "db": "CNVD", "id": "CNVD-2011-5128" }, { "db": "CNVD", "id": "CNVD-2011-5125" }, { "db": "CNVD", "id": "CNVD-2011-5126" }, { "db": "CNVD", "id": "CNVD-2011-5127" }, { "db": "BID", "id": "50849" }, { "db": "JVNDB", "id": "JVNDB-2011-003530" }, { "db": "CNNVD", "id": "CNNVD-201111-501" }, { "db": "CNNVD", "id": "CNNVD-201112-447" }, { "db": "NVD", "id": "CVE-2011-5007" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-12-26T00:00:00", "db": "IVD", "id": "45e2b734-2354-11e6-abef-000c29c66e3d" }, { "date": "2011-12-26T00:00:00", "db": "IVD", "id": "45e91728-2354-11e6-abef-000c29c66e3d" }, { "date": "2011-12-05T00:00:00", "db": "IVD", "id": "5b319126-1f7d-11e6-abef-000c29c66e3d" }, { "date": "2011-12-26T00:00:00", "db": "IVD", "id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1" }, { "date": "2011-12-05T00:00:00", "db": "IVD", "id": "4143b83e-1f7d-11e6-abef-000c29c66e3d" }, { "date": "2011-12-05T00:00:00", "db": "IVD", "id": "84af9d86-1f7d-11e6-abef-000c29c66e3d" }, { "date": "2011-12-05T00:00:00", "db": "IVD", "id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d" }, { "date": "2011-12-26T00:00:00", "db": "CNVD", "id": "CNVD-2011-5591" }, { "date": "2011-12-05T00:00:00", "db": "CNVD", "id": "CNVD-2011-5128" }, { "date": "2011-12-05T00:00:00", "db": "CNVD", "id": "CNVD-2011-5125" }, { "date": "2011-12-05T00:00:00", "db": "CNVD", "id": "CNVD-2011-5126" }, { "date": "2011-12-05T00:00:00", "db": "CNVD", "id": "CNVD-2011-5127" }, { "date": "2011-11-29T00:00:00", "db": "BID", "id": "50849" }, { "date": "2011-12-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-003530" }, { "date": "1900-01-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201111-501" }, { "date": "2011-12-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201112-447" }, { "date": "2011-12-25T01:55:04.647000", "db": "NVD", "id": "CVE-2011-5007" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-12-26T00:00:00", "db": "CNVD", "id": "CNVD-2011-5591" }, { "date": "2011-12-05T00:00:00", "db": "CNVD", "id": "CNVD-2011-5128" }, { "date": "2011-12-05T00:00:00", "db": "CNVD", "id": "CNVD-2011-5125" }, { "date": "2011-12-05T00:00:00", "db": "CNVD", "id": "CNVD-2011-5126" }, { "date": "2011-12-05T00:00:00", "db": "CNVD", "id": "CNVD-2011-5127" }, { "date": "2012-11-15T23:10:00", "db": "BID", "id": "50849" }, { "date": "2011-12-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-003530" }, { "date": "2011-12-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201111-501" }, { "date": "2011-12-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201112-447" }, { "date": "2013-05-21T03:12:51.183000", "db": "NVD", "id": "CVE-2011-5007" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201111-501" }, { "db": "CNNVD", "id": "CNNVD-201112-447" } ], "trust": 1.2 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "3S CoDeSys CmpWebServer Component Buffer Overflow Vulnerability", "sources": [ { "db": "IVD", "id": "45e2b734-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "45e91728-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2011-5591" }, { "db": "CNNVD", "id": "CNNVD-201112-447" } ], "trust": 1.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "45e2b734-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "45e91728-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "5b319126-1f7d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1" }, { "db": "IVD", "id": "4143b83e-1f7d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "84af9d86-1f7d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201112-447" } ], "trust": 2.0 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.